Pyongyang (GPA) – According to a South Korean lawmaker, the Democratic People’s Republic of Korea (DPRK) has stolen US and South Korean military plans.
South Korean parliament member Rhee Cheol-hee confirmed yesterday that the hack by the DPRK in September had hit South Korean defense systems. He also informed reporters that Pyongyang had made off with a large cache of classified documents.
Included in the stolen material is the US-South Korean ‘decapitation’ strategy. This is the military plan drafted by the two countries to immediately take out DPRK leader Kim Jong Un in the event of a war on the peninsula.
According to Rhee, he obtained this information directly from the defense minister, who, it was also revealed, was successfully targeted by the hack. The hack focused primarily on networks belonging to the South Korean military, which aren’t supposed to be connected to the internet.
The complete hack – about 235 gigabytes – includes a host of information, according to Rhee. This includes military plans for a peninsular war as well as essential sites in South Korea considered high-security priorities, such as power plants and military sites.
The hack – known by the code name “Desert Wolf” – was initially announced immediately after detection in September of last year, but at the time, South Korean leaders wouldn’t divulge what exactly was stolen. While it was later reported by some South Korean news agencies that the stolen data was likely military in nature, there was no clear picture of what that entailed until now.
Besides the ‘decapitation’ plan (known as Operational Plan 5015), another dossier was stolen, called Operational Plan 3100. OP 3100 is apparently a compilation of several contingency plans to deal with potential direct conflict situations that could occur on the peninsula.
According to US and South Korean officials, the hack began when the Defense Ministry contracted a company in 2015 for computer anti-virus software that turned out to come from a company that had been hacked by the DPRK.
According to South Korean experts, the government wasn’t aware of this security breach at the cybersecurity firm until after everything was stolen. South Korea does, however, claim that they tracked the hackers who hit the corporation back to the northeastern Chinese city of Shenyang, which is allegedly a “base for DPRK hacking operations.”
The virus was loaded onto internet-connected computers at the Defense Ministry, which allegedly enabled the transfer of the virus to PCs that only operate on the Ministry’s closed network. Of course, none of this may be real, as South Korea has also acknowledged that the virus could have ended up on secure computers during a maintenance period in which they were “accidentally connected to the internet.”
The DPRK denies being behind the hack and this second explanation could back that up since the internet is full of bad actors. Of course, if a non-state actor did steal this data and the DPRK purchased it, who could blame them?
James Carey is an organizer based in Detroit, Michigan, founder of Geopolitics Alert, and an experienced analyst on Middle Eastern affairs with a particular focus on Turkey. He also covers topics ranging from Latin America and Asia to Europe. You can also hear James in his weekly podcast, The Left is Dead, which he co-hosts with investigative journalist Jake Anderson.